Google, Google+ and Lack of Transparency
When it's a matter of privacy, it's impossible to look at Facebook without looking at Google. The search giant, while lacking a social network in the strictest sense, had a Facebook moment of its own early last month when a flaw in a developer API that let app developers access users' Google+ profiles gave them a free rein to view profile information not marked as public, including full names, email addresses, birth dates, gender, profile photos, places lived, occupation, and relationship status.
Although the bug, which the Alphabet's leading subsidiary discovered back in March 2018, didn't expose Google+ posts, messages, Google account data, phone numbers, or G Suite content, Google had one job: to fix the security flaw and inform its users immediately. Patch the vulnerability it did, but the company chose not to disclose it for fear that doing so would damage its brand and reputation, especially given how Facebook was reeling from the Cambridge Analytica data fiasco right around the same time.
But then it's Google+ we are talking about. Google's so-called social network was never really used in the same way Facebook was used (more like thrusted upon its users), and its own analysis "found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused." The problem here therefore isn't the vulnerability itself but the fact that it decided to cover-up the whole episode and not come clean until The Wall Street Journal got hold of a bunch of memos discussing the bug some seven months later.
Cut to next day after the story broke, it was business as usual. Google unveiled its shiny new lineup of Pixel 3 phones, Chrome OS tablets and Google Assistant-powered smart home gadgets. There was no discussion of Google+ or the security flap, let alone an acknowledgement. But that very day it announced that it would be shutting down the social network over the next 10 months (Google+ for G Suite will still be around), prompting a minor outcry from passionate users of the platform. But then again it's Google+ we are talking about.
Technically what happened with Google+ isn't a breach to begin with, and without a lack of clarity on what exactly was improperly accessed (if it all), it is hard to quantify the impact. The small number of affected users (approximately 500,000) and the digital ghost town that's Google+ all but meant that the blowback wouldn't be as strong as it was for Facebook (and it wasn't), but Google's lack of transparency speaks volumes about the general trend of Silicon Valley companies playing fast and loose with user privacy, only to apologise and act contrite when caught in the act.
What's more, incidents like these are another reason why public trust in tech monopolies like Facebook, Google, Amazon and Microsoft are at an all-time low. By failing to communicate with users in a timely manner that instills responsibility and trust, and by not giving them the necessary controls over their personal data, time and again they have proved that they can hurt its users and violate their privacy and security expectations, all with impunity.
Although the bug, which the Alphabet's leading subsidiary discovered back in March 2018, didn't expose Google+ posts, messages, Google account data, phone numbers, or G Suite content, Google had one job: to fix the security flaw and inform its users immediately. Patch the vulnerability it did, but the company chose not to disclose it for fear that doing so would damage its brand and reputation, especially given how Facebook was reeling from the Cambridge Analytica data fiasco right around the same time.
But then it's Google+ we are talking about. Google's so-called social network was never really used in the same way Facebook was used (more like thrusted upon its users), and its own analysis "found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused." The problem here therefore isn't the vulnerability itself but the fact that it decided to cover-up the whole episode and not come clean until The Wall Street Journal got hold of a bunch of memos discussing the bug some seven months later.
Cut to next day after the story broke, it was business as usual. Google unveiled its shiny new lineup of Pixel 3 phones, Chrome OS tablets and Google Assistant-powered smart home gadgets. There was no discussion of Google+ or the security flap, let alone an acknowledgement. But that very day it announced that it would be shutting down the social network over the next 10 months (Google+ for G Suite will still be around), prompting a minor outcry from passionate users of the platform. But then again it's Google+ we are talking about.
Technically what happened with Google+ isn't a breach to begin with, and without a lack of clarity on what exactly was improperly accessed (if it all), it is hard to quantify the impact. The small number of affected users (approximately 500,000) and the digital ghost town that's Google+ all but meant that the blowback wouldn't be as strong as it was for Facebook (and it wasn't), but Google's lack of transparency speaks volumes about the general trend of Silicon Valley companies playing fast and loose with user privacy, only to apologise and act contrite when caught in the act.
What's more, incidents like these are another reason why public trust in tech monopolies like Facebook, Google, Amazon and Microsoft are at an all-time low. By failing to communicate with users in a timely manner that instills responsibility and trust, and by not giving them the necessary controls over their personal data, time and again they have proved that they can hurt its users and violate their privacy and security expectations, all with impunity.
Comments
Post a Comment