Google Buzz Auto-Follows Gmail Contacts, Publicly Exposing Private Relationships

What happened
Google launched Buzz, a social layer integrated into Gmail, that automatically followed each user's most frequent email contacts and made the resulting lists of followed contacts public by default. The feature exposed private relationships: in one documented case, an abuse victim's location was exposed to her abuser through the auto-followed contacts list.[1]
What went wrong
Google launched a public social network feature with opt-out rather than opt-in defaults, automatically making private communication metadata public. The product team apparently did not adequately model the privacy implications of mapping social graphs from private email metadata.[1]
Lesson learned
Social features that expose private relationship data must be opt-in, never opt-out. Features are not safe at launch until worst-case privacy scenarios — including domestic abuse situations — have been modelled. Default-public settings on social features should require explicit legal and privacy review.